RedEye Ransomware

The RedEye Ransomware is a threat that presents itself as an encryption ransomware Trojan. Encryption ransomware Trojans are designed to encrypt the victims' data so that it becomes inaccessible and then demand payment in exchange for the decryption key. Instead of encrypting the victim's files, however, the RedEye Ransomware destroys the affected files completely and irreversibly: it does not encrypt them but simply overwrites them with zeros, which damages them beyond recovery. The criminals responsible for the RedEye Ransomware have released working encryption ransomware Trojans in the past, which makes it hard to tell whether the RedEye Ransomware is still in development with an encryption module that is not yet enabled, or whether it is intended to be destructive.

The Old Tactic Used by the RedEye Ransomware to Extort PC Users

The most likely way in which the RedEye Ransomware is distributed to victims is through spam email messages. This is the most common distribution method for similar threats: corrupted attachments sent in spam campaigns that use social engineering to trick the victims into opening them. Once the RedEye Ransomware is installed, it searches the victim's computer for certain file types and overwrites them entirely with zeros. The files affected by the RedEye Ransomware are turned into zero-byte files, since they no longer contain any data. Like most ransomware Trojans, the RedEye Ransomware targets user-generated files, since these are the most precious to their owners; the affected file types include the following:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.

The files affected by the RedEye Ransomware can also be identified by the file extension '.RedEye', which the RedEye Ransomware appends to the end of each affected file's name. Once the RedEye Ransomware has finished attacking the victim's files, it displays a ransom note in a program window that plays several different music tracks with unsettling sounds meant to scare the computer user. The RedEye Ransomware ransom note claims that the victim must pay 0.1 BTC (approximately 800 USD) within four days to recover the affected files. The RedEye Ransomware also displays a 'Destroy PC' button which, when pressed, displays the message 'There is no way to fix your PC! Have Fun to try it :).' The RedEye Ransomware's ransom note contains a link to a YouTube channel and a Discord username.

What You Should Do If Infected by the RedEye Ransomware

It is clear that, because of the method of attack used by the RedEye Ransomware, there is no point in paying the RedEye Ransomware ransom. While in most cases computer users may debate whether paying the ransom is worthwhile because there is some possibility of restoring the affected files, in the case of the RedEye Ransomware it is clearly not useful at all, since there is no real way in which the criminals can restore data that has been overwritten. The RedEye Ransomware also harasses the victim in several other ways, including setting the victim's drives and drive partitions to 'Hidden' (to make it appear as if they are no longer there) and tampering with the Master Boot Record (MBR), which can make it impossible to start Windows, causing the affected computer to display a message from the RedEye Ransomware instead of loading Windows.
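Because the page's central point is that the files are overwritten with zeros rather than encrypted, a responder can confirm that paying is futile by inspecting the renamed files themselves: zero-filled or empty content cannot be recovered by any decryption key, whereas high-entropy content would at least look like ciphertext. The triage script below is an added example, not part of the original article; the '.RedEye' extension and the zero-overwrite behaviour come from the page, while the 7.5 bits-per-byte entropy threshold and the sample files are constructed for illustration.

```python
import math
import tempfile
from collections import Counter
from pathlib import Path

MARKER_EXT = ".RedEye"  # extension the article reports being appended to affected files
CIPHERTEXT_ENTROPY = 7.5  # constructed threshold: well-encrypted data sits close to 8.0 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, near 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_bytes(data: bytes) -> str:
    """Map file content to a recoverability class.

    'empty' and 'zero-filled' match the wiper behaviour described on the page: no
    key could recover them. 'encrypted-like' is what a genuine crypto-ransomware
    would leave behind; 'intact-like' means readable, low-entropy content survived.
    """
    if not data:
        return "empty"
    if data.count(0) == len(data):
        return "zero-filled"
    return "encrypted-like" if shannon_entropy(data) > CIPHERTEXT_ENTROPY else "intact-like"


def triage(root: Path) -> dict:
    """Walk root, classify every file carrying the marker extension and tally the classes."""
    summary = {"empty": 0, "zero-filled": 0, "encrypted-like": 0, "intact-like": 0}
    for path in root.rglob(f"*{MARKER_EXT}"):
        if path.is_file():
            summary[classify_bytes(path.read_bytes())] += 1
    return summary


def run_demo() -> dict:
    """Build a constructed sample tree in a temp dir and return its triage summary."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "budget.xlsx.RedEye").write_bytes(b"\x00" * 4096)          # zeroed by the wiper
        (root / "notes.txt.RedEye").write_bytes(b"")                        # truncated to zero bytes
        (root / "photo.jpg.RedEye").write_bytes(bytes(range(256)) * 16)     # stand-in for ciphertext
        (root / "report.docx.RedEye").write_bytes(b"Quarterly report text " * 100)  # still readable
        (root / "readme.txt").write_text("not renamed, so not counted")
        return triage(root)


if __name__ == "__main__":
    print(run_demo())
```

A summary dominated by the 'empty' and 'zero-filled' classes confirms the destructive behaviour the article describes and means recovery has to come from backups rather than from the attackers.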
